China irks US with computer security review rules

Agencies|

Dec 09, 2008, 11.34 AM IST

0Comments

BEIJING: The Chinese government is stirring trade tensions with Washington with a plan to require foreign computer security technology to be submitted for government approval, in a move that might require suppliers to disclose business secrets.

Rules due to take effect May 1 require official certification of technology widely used to keep e-mail and company data networks secure. Beijing has yet to say how many secrets companies must disclose about such sensitive matters as how data-encryption systems work. But Washington complains the requirement might hinder imports in a market dominated by U.S. companies, and is pressing Beijing to scrap it.

``There are still opportunities to defuse this, but it is getting down to the wire,'' said Duncan Clark, managing director of BDA China Ltd., a Beijing technology consulting firm. ``It affects trade. It's potentially really wide-scale.''

Beijing tried earlier to force foreign companies to reveal how encryption systems work and has promoted its own standards for mobile phones and wireless encryption.

Those attempts and the new demand reflect Beijing's unease about letting the public keep secrets, and the government's efforts to use its regulatory system to help fledgling Chinese high-tech companies compete with global high-tech rivals. Yin Changlai, the head of a Chinese business group sanctioned by the government, has acknowledged that the rules are meant to help develop China's infant computer security industry by shielding companies from foreign rivals that he said control 70 percent of the market.

The computer security rules cover 13 types of hardware and software, including database and network security systems, secure routers, data backup and recovery systems and anti-spam and anti-hacking software. Such technology is enmeshed in products sold by Microsoft Corp., Cisco Systems Inc. and other industry giants.

Giving regulators the power to reject foreign technologies could help to promote sales of Chinese alternatives. But that might disrupt foreign manufacturing, research or data processing in China if companies have to switch technologies or move operations to other countries to avoid the controls. Requiring disclosure of technical details also might help Beijing read encrypted e-mail or create competing products.

``I think there's both a national security goal and an industrial policy goal to this,'' said Scott Kennedy, an Indiana University professor who studies government-business relations in China. ``I'm sure before they came out with this, there was a discussion with industry and industry probably was giving them lots of requests about what should be included.''

American officials objected to the rules in August at a regular meeting of the U.S.-China Joint Commission on Commerce and Trade.

``We don't believe China imposing these regulations is consistent with its trade commitments,'' said a U.S. Embassy spokesman, who spoke on condition of anonymity in line with official policy. ``If there is an international standard that has been agreed upon by the international community, then that's the standard.''

China agreed to delay releasing detailed regulations pending negotiations, but has not postponed the May enforcement deadline. No date has been set for more talks.

``We don't really view them announcing a delay in publication as a resolution to the issue,'' the American official said.

The agency that will enforce the rules, the China Certification and Accreditation Administration, said in a written statement they are meant to protect national security and ``advance industry development.'' But it did not respond to questions about what information companies must disclose and how foreign technology will be judged.

An official of one foreign business group said companies were reluctant to talk publicly for fear of angering Chinese authorities while negotiations were under way.

Microsoft, Cisco, Sun Microsystems Inc. and security-software makers McAfee Inc. and Symantec Corp. did not respond to requests for comment. A spokesman for chip maker Intel Corp. said it would obey Chinese law but did not respond to questions about how it might be affected. A spokeswoman for personal computer maker Dell Inc. said it could not comment until detailed regulations are released. A spokesman for IBM Corp. said its products are not covered by the rules.

China has one of the largest technology markets, with more than 253 million Internet users and 590 million mobile phone accounts. It has tried to leverage that to promote its high-tech industries, which lag foreign competitors.

China prompted an outcry in 2006 when it tried to require computer and phone companies to use its WAPI wireless encryption standard. That would have given Chinese companies that developed the standard a head start in creating products and let them collect royalties from foreign competitors. Beijing dropped its demand after Washington complained it was a trade barrier.

In 2001, Beijing tried to require computer and software suppliers to disclose how their encryption systems worked. That was scrapped after companies said the demand was too broad and trade secrets might fall into the hands of Chinese competitors.

China also developed its own standard for third-generation mobile phones to compete with two global standards. But it agreed to let Chinese carriers use all three standards after U.S. and European officials expressed concern that it might try to keep out foreign technology.